On Tue, Apr 18, 2017 at 02:10:16PM +0200, Dominick Grift wrote: > On Tue, Apr 18, 2017 at 07:03:23AM -0500, Ian Pilcher wrote: > > On 04/18/2017 01:15 AM, Dominick Grift wrote: > > > acme_nss_t needs to be associate with "can_change_object_identity" to > > > be able to change the object identity from system_u to unconfined_u > > > > > > typeattribute acme_nss_t can_change_object_identity; > > > > > > or the appropriate macro: > > > > > > domain_obj_id_change_exemption(acme_nss_t) > > > > Excellent, thank you! > > > > > > > > But there is no need to change the object identity in the first > > > place, system_u will do fine. > > > > I'll have to think about this. I'm actually copying a directory tree > > from one place to another and copying the context from the source to > > destination with getfilecon() and setfilecon(). > > If you would be using getfilecon() then you would, most likely, not end up > with unconfined_u as the identity
if there is a getfilecon_default() then try that instead of getfilecon() > > where are you copying that object to? There should be no content with type > "cert_t" in a user home directory > > > > > What APIs should I use if I *only* wanted to copy the type? > > > > -- > > ======================================================================== > > Ian Pilcher [email protected] > > -------- "I grew up before Mark Zuckerberg invented friendship" -------- > > ======================================================================== > > _______________________________________________ > > Selinux mailing list > > [email protected] > > To unsubscribe, send email to [email protected]. > > To get help, send an email containing "help" to > > [email protected]. > > -- > Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 > https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 > Dominick Grift -- Key fingerprint = 5F4D 3CDB D3F8 3652 FBD8 02D5 3B6C 5F1D 2C7B 6B02 https://sks-keyservers.net/pks/lookup?op=get&search=0x3B6C5F1D2C7B6B02 Dominick Grift
signature.asc
Description: PGP signature
_______________________________________________ Selinux mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
